business news in context, analysis with attitude

Home improvement chain Lowe's, reports eSecurityPlanet, "recently began notifying an undisclosed number of current and former employees that their personal information may have been disclosed when a third-party vendor mistakenly backed up Lowe's employee data to an unsecured server."

In a letter to employees, Lowe's wrote:

"We are writing to inform you that certain personal information that Lowe’s maintains about you may have been subject to unauthorized access. Lowe’s contracts with a third-party vendor to provide a computer system (E-DriverFile) that stores compliance documentation and information related to current and former drivers of Lowe’s vehicles as well as information about certain current and former employees who access and administer the system. The personal information in E-DriverFile may include names, addresses, dates of birth, Social Security numbers, driver’s license numbers, Sales IDs, and other driving record information. We recently learned that the vendor unintentionally backed up this data to an unsecured computer server that was accessible from the Internet. You are receiving this notice because we’ve determined that your Social Security number and/or driver’s license number was in E-DriverFile and thus potentially exposed.

"Promptly after learning of the potential issue, the vendor blocked access to the unsecured backup server and retained data security experts to conduct an investigation of the incident. That investigation determined that personal information from the backup server may have been accessed between July 2013 and April 2014. To ensure that each potentially impacted person can take steps to protect themselves, we are providing this notice. At this time, we have no evidence that any of the information has been misused."
KC's View: